{"id":7490,"date":"2018-05-29T10:41:45","date_gmt":"2018-05-29T02:41:45","guid":{"rendered":"http:\/\/rmohan.com\/?p=7490"},"modified":"2018-05-29T10:41:45","modified_gmt":"2018-05-29T02:41:45","slug":"how-to-install-fail2ban-in-rhel-6-7","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7490","title":{"rendered":"How to install Fail2ban in rhel 6 &#038; 7"},"content":{"rendered":"<h3 class=\"post-title entry-title\">How to install Fail2ban in rhel 6 &amp; 7<\/h3>\n<div class=\"post-header\">\n<div class=\"post-header-line-1\"><\/div>\n<\/div>\n<div id=\"post-body-7496177991524583244\" class=\"post-body entry-content\">\n<div dir=\"ltr\"><b>What is fail2ban?<\/b><\/p>\n<p>Fail2ban works by scanning and monitoring log files for selected entries, then bans IPs that show malicious signs such as too many password failures, seeking for exploits, etc.<\/p>\n<p><b><br \/>\n1. Install Fail2Ban<\/b><\/p>\n<p>For RHEL 6<\/p>\n<p>rpm -Uvh http:\/\/dl.fedoraproject.org\/pub\/epel\/6\/x86_64\/epel-release-6-8.noarch.rpm<\/p>\n<p>For RHEL 7<\/p>\n<p>rpm -Uvh http:\/\/dl.fedoraproject.org\/pub\/epel\/7\/x86_64\/Packages\/e\/epel-release-7-11.noarch.rpm<\/p>\n<p><b>yum install fail2ban<\/b><\/p>\n<p><b>2. Copy the Configuration File<\/b><\/p>\n<p>The default fail2ban configuration file is located at \/etc\/fail2ban\/jail.conf. Do not make configuration changes in that file, since it can be modified by package upgrades; instead, copy it so that we can make our changes safely.<\/p>\n<p>We need to copy this to a file called jail.local for fail2ban to find it:<\/p>\n<p><b><br \/>\ncp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/b><\/p>\n<p><b><br \/>\n3. Configure defaults in jail.local<\/b><\/p>\n<p>The first section of defaults covers the basic rules that fail2ban will apply to all services enabled for fail2ban that are not overridden in the service&#8217;s own section. 
If you want to set up more nuanced protection for your server, you can customize the details in each section.<\/p>\n<p>You can see the default section below.<\/p>\n<p>[DEFAULT]<\/p>\n<p># &#8220;ignoreip&#8221; can be an IP address, a CIDR mask or a DNS host. Fail2ban will not<br \/>\n# ban a host which matches an address in this list. Several addresses can be<br \/>\n# defined using space separator.<br \/>\nignoreip = 127.0.0.1<\/p>\n<p># &#8220;bantime&#8221; is the number of seconds that a host is banned.<br \/>\nbantime\u00a0 = 3600<\/p>\n<p># A host is banned if it has generated &#8220;maxretry&#8221; during the last &#8220;findtime&#8221;<br \/>\n# seconds.<br \/>\nfindtime\u00a0 = 600<\/p>\n<p># &#8220;maxretry&#8221; is the number of failures before a host get banned.<br \/>\nmaxretry = 3<\/p>\n<p><b>4. Add a jail file to protect SSH<\/b><\/p>\n<p>Although you can add these parameters in the global jail.local file, it is good practice to create separate jail files for each of the services we want to protect with Fail2Ban.<\/p>\n<p>So let&#8217;s create a new jail for SSH with the vi editor.<\/p>\n<p><b>vi \/etc\/fail2ban\/jail.d\/sshd.local<\/b><\/p>\n<p>In the above file, add the following lines of code:<\/p>\n<p>[sshd]<br \/>\nenabled = true<br \/>\nport = ssh<br \/>\naction = iptables-multiport<br \/>\nlogpath = \/var\/log\/secure<br \/>\nmaxretry = 3<br \/>\nbantime = 3600<\/p>\n<p><b>5. 
Restart Fail2Ban<\/b><\/p>\n<p><b>service fail2ban restart<\/b><\/p>\n<p><b>iptables -L<\/b><\/p>\n<p>Check Fail2Ban Status<\/p>\n<p>Use the fail2ban-client command to query the overall status of the Fail2Ban jails.<\/p>\n<p><b><br \/>\nfail2ban-client status<\/b><\/p>\n<p>You can also query the status of a specific jail using the following command:<\/p>\n<p><b>fail2ban-client status sshd<\/b><\/p>\n<p>Manually Unban IP Banned by Fail2Ban<\/p>\n<p>If for some reason you want to grant access to an IP that is banned, use the following command to manually unban an IP address banned by fail2ban:<br \/>\n<b><br \/>\nfail2ban-client set JAIL unbanip IP<\/b><\/p>\n<p>E.g., unban IP 192.168.1.101, which was banned according to the [ssh-iptables] jail:<\/p>\n<p><b>fail2ban-client set sshd unbanip 192.168.1.101<\/b><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>How to install Fail2ban in rhel 6 &amp; 7 What is fail2ban?<\/p>\n<p>Fail2ban works by scanning and monitoring log files for selected entries then bans IPs that show the malicious signs like too many password failures, seeking for exploits, etc.<\/p>\n<p> 1. 
Install Fail2Ban<\/p>\n<p>For RHEL 6<\/p>\n<p>rpm -Uvh http:\/\/dl.fedoraproject.org\/pub\/epel\/6\/x86_64\/epel-release-6-8.noarch.rpm<\/p>\n<p>For RHEL 7<\/p>\n<p>rpm -Uvh [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7490"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7490"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7490\/revisions"}],"predecessor-version":[{"id":7491,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7490\/revisions\/7491"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}